diff options
| author | Richard Hughes <richard@hughsie.com> | 2017-10-09 12:07:38 +0100 |
|---|---|---|
| committer | Richard Hughes <richard@hughsie.com> | 2017-10-09 12:08:47 +0100 |
| commit | f5fb6e40f5aeba2cde1de0406815af876d41be3a (patch) | |
| tree | 22dcc467c4154532b1a1dbf562ba70d7210edff6 | |
| parent | 7846f2f3a638524a0eb5b5cc2c80bf08ce18e270 (diff) | |
| download | appstream-glib-f5fb6e40f5aeba2cde1de0406815af876d41be3a.tar.gz | |
trivial: Fix a possible out-of-bounds read in as_markup_import()
| -rw-r--r-- | libappstream-glib/as-markup.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/libappstream-glib/as-markup.c b/libappstream-glib/as-markup.c index 597362c..f376bf9 100644 --- a/libappstream-glib/as-markup.c +++ b/libappstream-glib/as-markup.c @@ -192,13 +192,14 @@ as_markup_import_html_text_cb (GMarkupParseContext *context, static void as_markup_import_html_erase (GString *str, const gchar *start, const gchar *end) { - gssize i, j; gssize start_len = (gssize) strlen (start); gssize end_len = (gssize) strlen (end); - for (i = 0; str->str[i] != '\0'; i++) { + if (start_len + end_len > str->len) + return; + for (gssize i = 0; i < str->len - start_len; i++) { if (memcmp (&str->str[i], start, (gsize) start_len) != 0) continue; - for (j = i; i < (gssize) str->len; j++) { + for (gssize j = i; i < (gssize) str->len; j++) { if (memcmp (&str->str[j], end, (gsize) end_len) != 0) continue; /* delete this section and restart the search */ |